CLAIMS

1. A method of pro-actively refreshing credentials by an entity that maintains credentials, the method comprising the steps of:

a) storing in a memory, a profile collection having at least one credential profile, each credential profile including a credential and related information;

b) causing the stored credential in the credential profile to be examined in accordance with a refresh policy;

c) comparing at least one criterion of the refresh policy with the related information to determine if the credential needs to be refreshed;

d) replacing the stored credential with a new credential in the credential profile if the stored credential needs to be refreshed;

e) updating the related information of the new credential in the credential profile; and

f) repeating the steps of c) - e) on a next credential profile in the profile collection.

2. The method of claim 1, wherein before step a), the method further comprises the steps of:

determining if the credential profile for a needed credential exists; and if not, then

creating an empty credential profile;

gathering the credential;

storing the credential in the credential profile;

obtaining related information including resource constraints on the credential;

storing the information in the credential profile; and

repeating the steps if another credential profile needs to be created.

3. The method of claim 2, wherein the step of obtaining resource constraints is performed by manual entry of a user.

4. The method of claim 2, wherein the step of obtaining resource constraints is deduced through access attempts.

5. The method of claim 2, wherein the step of obtaining resource constraints is obtained from a directory.

6. The method of claim 2, wherein the step of obtaining resource constraints is obtained from a resource server.

7. The method of claim 2, wherein the stored credential includes a public key identity credential.

8. The method of claim 2, wherein the stored credential includes a group membership credential.

9. The method of claim 2, wherein the stored credential includes a group non-membership credential.

10. The method of claim 2, wherein the stored credential includes a non-revocation credential.

11. The method of claim 2, wherein the stored resource constraints include a recency requirement.

12. The method of claim 2, wherein the stored resource constraints include a trust level.

13. The method of claim 2, wherein the stored resource constraints include a maximum credential chain length.

14. The method of claim 1, wherein the related information includes storing information on a credential identifier.

15. The method of claim 1, the related information includes storing information on when the credential was issued.

16. The method of claim 1, the related information includes storing information on when the credential was last used for a resource access.

17. The method of claim 1, the related information includes storing information on which resource the credential was last used.

18. The method of claim 1, includes refreshing credentials that are older than a certain time period.

19. The method of claim 1, includes refreshing credentials that were last used within a certain time period.

20. The method of claim 1, includes refreshing credentials that are older than an associated recency requirement.

21. The method of claim 1, includes refreshing credentials that are predicted to be used in a next session.
22. A processor executable medium having instructions contained therein which when executed by a processor causes the processor to execute a method of pro-actively refreshing credentials by an entity that maintains credentials, the method comprising the steps of:

a) storing in a memory, a profile collection having at least one credential profile, each credential profile including a credential and related information;

b) causing the stored credential in the credential profile to be examined in accordance with a refresh policy;

c) comparing at least one criterion of the refresh policy with the related information to determine if the credential needs to be refreshed;

d) replacing the stored credential with a new credential in the credential profile if the stored credential needs to be refreshed;

e) updating the related information of the new credential in the credential profile; and

f) repeating the steps of c) - e) on a next credential profile in the profile collection.

23. The processor executable medium of claim 22, wherein before step a), the method further comprises:

determining if the credential profile for a needed credential exists; and if not, then

creating an empty credential profile;

gathering the credential;

storing the credential in the credential profile;

obtaining related information including resource constraints on the credential;

storing the information in the credential profile; and

repeating the steps if another credential profile needs to be created.

24. The processor executable medium of claim 23, wherein the step of obtaining resource constraints is performed by manual entry of a user.

25. The processor executable medium of claim 23, wherein the step of obtaining resource constraints is deduced through access attempts.

26. The processor executable medium of claim 23, wherein the step of obtaining resource constraints is obtained from a directory.

27. The processor executable medium of claim 23, wherein the step of obtaining resource constraints is obtained from a resource server.

28. The processor executable medium of claim 23, wherein the stored credential includes a public key identity credential.

29. The processor executable medium of claim 23, wherein the stored credential includes a group membership credential.

30. The processor executable medium of claim 23, wherein the stored credential includes a group non-membership credential.

31. The processor executable medium of claim 23, wherein the stored credential includes a non-revocation credential.

32. The processor executable medium of claim 23, wherein the stored resource constraints include a recency requirement.

33. The processor executable medium of claim 23, wherein the stored resource constraints include a trust level.

34. The processor executable medium of claim 23, wherein the stored resource constraints include a maximum credential chain length.

35. The processor executable medium of claim 22, the related information includes storing information on a credential identifier.

36. The processor executable medium of claim 22, the related information includes storing information on when the credential was issued.

37. The processor executable medium of claim 22, the related information includes storing information on when the credential was last used for a resource access.

38. The processor executable medium of claim 22, the related information includes storing information on which resource the credential was last used.

39. The processor executable medium of claim 22, includes refreshing credentials that are older than a certain time period.

40. The processor executable medium of claim 22, includes refreshing credentials that were last used within a certain time period.

41. The processor executable medium of claim 22, includes refreshing credentials that are older than an associated recency requirement.

42. The processor executable medium of claim 22, includes refreshing credentials that are predicted to be used in a next session.

43. A system for pro-actively refreshing credentials by an entity that maintains credentials, the system comprising:

a memory to store a profile collection having at least one credential profile, each credential profile including a credential and related information;

a circuit to read the credential profile;

a refresh policy stored in the memory to determine if the credential needs to be refreshed using the related information, wherein the circuit replaces the stored credential with a new credential in the credential profile if the stored credential needs to be refreshed and the circuit updates the related information of the new credential in the credential profile.

44. The system of claim 43, wherein system further comprises:

the circuit configured to determine if the credential profile for a needed credential exist; and if not, then

the circuit configured to create an empty credential profile in the memory, the circuit further configured to gather the credential and store the credential in the credential profile, the circuit configured to obtain related information including resource constraints on the credential and store the information in the credential profile.

45. The system as in claim 44, wherein the circuit is a processor.

46. The system of claim 44, wherein the resource constraints is obtained by manual entry of a user.

47. The system of claim 44, wherein the resource constraints is deduced through access attempts.

48. The system of claim 44, wherein the resource constraints is obtained from a directory.

49. The system of claim 44, wherein the resource constraints is obtained from a resource server.

50. The system of claim 44, wherein the stored credential includes a public key identity credential.

51. The system of claim 44, wherein the stored credential includes a group membership credential.

52. The system of claim 44, wherein the stored credential includes a group non-membership credential.

53. The system of claim 44, wherein the stored credential includes a non-revocation credential.

54. The system of claim 44, wherein the stored resource constraints include a recency requirement.

55. The system of claim 44, wherein the stored resource constraints include a trust level.

56. The system of claim 44, wherein the stored resource constraints include a maximum credential chain length.

57. The system of claim 43, wherein the stored information includes a credential identifier.

58. The system of claim 43, wherein the stored information includes when the credential was issued.

59. The system of claim 43, wherein the stored information includes when the credential was last used for a resource access.

60. The system of claim 43, wherein the stored information includes on which resource the credential was last used.

61. The system of claim 43, wherein the refresh policy refreshes credentials that are older than a certain time period.

62. The system of claim 43, wherein the refresh policy refreshes credentials that were last used within a certain time period.

63. The system of claim 43, wherein the refresh policy refreshes credentials that are older than an associated recency requirement.

64. The system of claim 43, wherein the refresh policy refreshes credentials that are predicted to be used in a next session.
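
The refresh loop of claim 1, steps a) to f), with the four refresh criteria recited in the dependent claims (age, recent use, recency requirement, predicted use), written as an added Python example; it is not code from the patent. The field names, the `issue_new` issuer callback, the sample profiles and the rule that any single matching criterion triggers a refresh are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional
@dataclass
class CredentialProfile:                 # step a): credential + related information
    credential_id: str
    credential: str
    issued_at: float                     # epoch seconds
    last_used_at: Optional[float] = None
    recency_requirement: Optional[float] = None  # max age (s) a resource accepts

@dataclass
class RefreshPolicy:
    max_age: Optional[float] = None          # older than a certain time period
    used_within: Optional[float] = None      # last used within a certain period
    predicted_ids: frozenset = frozenset()   # predicted for the next session
    def reasons(self, p: CredentialProfile, now: float) -> List[str]:
        """Step c): criteria that match (assumption: any match triggers refresh)."""
        age, hit = now - p.issued_at, []
        if self.max_age is not None and age > self.max_age:
            hit.append("max_age")
        if (self.used_within is not None and p.last_used_at is not None
                and now - p.last_used_at <= self.used_within):
            hit.append("recently_used")
        if p.recency_requirement is not None and age > p.recency_requirement:
            hit.append("recency_requirement")
        if p.credential_id in self.predicted_ids:
            hit.append("predicted")
        return hit

def refresh_pass(profiles, policy, issue_new, now):
    """Steps b)-f), one pass. issue_new is a hypothetical issuer callback."""
    refreshed = {}
    for p in profiles:                       # step f): move to the next profile
        why = policy.reasons(p, now)
        if why:
            p.credential = issue_new(p.credential_id)  # step d): replace
            p.issued_at = now                          # step e): update related info
            refreshed[p.credential_id] = why
    return refreshed

def demo(now=1_000_000.0):                   # constructed clock and profiles
    profiles = [
        CredentialProfile("id-cert", "old-id-cert", now - 90_000),
        CredentialProfile("grp-eng", "old-grp-eng", now - 600, last_used_at=now - 60),
        CredentialProfile("crl-proof", "old-crl-proof", now - 400, recency_requirement=300),
        CredentialProfile("grp-ops", "old-grp-ops", now - 100, last_used_at=now - 4_000),
    ]
    policy = RefreshPolicy(86_400, 300, frozenset({"crl-proof"}))
    return refresh_pass(profiles, policy, lambda cid: f"new-{cid}", now), profiles
```

Returning the matched criteria per credential gives an audit trail of why each refresh happened, which helps when tuning a policy that refreshes too often or too rarely.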